GlobalSign is no longer issuing digital certificates as it investigates the incident

Digital certificates issued by GlobalSign have come under scrutiny after a hacker's claim that he broke into the company's computer systems. If true, it would be the second such compromise in the past few weeks.

The hacker, known as Comodohacker, said on Monday he had broken into Dutch certificate authority (CA) DigiNotar and that he had access to four other such companies, including GlobalSign, a certificate authority based in Portsmouth, New Hampshire. On Tuesday, GlobalSign said it was investigating the claim and had "decided to temporarily cease issuance of all certificates until the investigation is complete."

Little noticed by most Web surfers, digital certificates are an important part of the Internet's foundations. They help browsers know when they are visiting legitimate websites rather than fakes.

A country that has control over its Internet service providers and has access to fake digital certificates could create a website that would be almost impossible to distinguish from, for example, Gmail.com. That's what some experts think happened in Iran last month.

A forensics report commissioned by DigiNotar found someone had hacked into DigiNotar and set up a fake Google.com site that was used in late July and August to spy on as many as 300,000 Iranians.

Most browsers no longer trust the DigiNotar certificates, but if Comodohacker's claims are true there could be further problems in store.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's email address is robert_mcmillan@idg.com.